__________ __ ________________ / _____/ \ / \/ _ \__ ___/___ _____ _____ \_____ \\ \/\/ / /_\ \| |_/ __ \\__ \ / \ / \\ / | \ |\ ___/ / __ \| Y Y \ /_______ / \__/\ /\____|__ /____| \___ >____ /__|_| / \/ \/ \/ \/ \/ \/ [ 1998 - 2010 - Hacking, Phreaking & Anarchy in the UK ] January 12 2010 . Author -=The Firestarter=- ---------------------------------------------------------- [ Digital properganda: 0wning printers ] ---------------------------------------------------------- Here's a simple tactic that can be employed to spread numerous forms of properganda across cyberspace and into infinity! That is, we shall be finding a few office printers that are sat openly on the internet and exploiting them for our own gain! Now printers can be handy things, once inside them it doesn't take much more than a "help" command to give you a list of wonderous things to do with it. Now the simple ones amoungst us might not want to play with the settings of such machines, but the smart ones, will exploit the living shit out of them, as well as running there toner down with numerous forms of properganda. First things first, we need to locate some printers, this can be easier than you think, and with a little thought, you can almost victimize companies of your choice. So, if you've got brains, you'll follow me, if not you'll just pretend to understand, hehe you KNOW its the truth. So how are we going to find these printers? We shall use the following tools: wGatescan 4.0b - popular wingate scanner Grinder 1.1 - 'ye old HTTP banner identifier Essential Nettools - k-rad nettools Ok, Using Grinder over ranges of IPs will soon enough churn out some machines that are running odd looking HTTP daemons (HP lazerjet webserver etc), pop the IP into your browser and you'll be presented with a nice little screen with loads of printer stats on! If your lucky you'll probably be able to edit admin settings from it, if not, try telnetting in. Thats where wGateScan comes in, sweep IP ranges on port 23 and see how long it takes us to telnet into a print server (usually an hour of scanning finds plenty of printers to piss about with until your board), no doubt you'll also find wingates, other fun telnet servers as well as a range of fun shite. Ok, back to the telnet print server. Most of the time (in my experience), printers don't tend to have passwords on them, doesn't seem like people seem to target them often enough to warrent some massive printer security overhaul!. Heres a good example of one: -------------------------------- HP JetDirect Password is not set Please type "menu" for the MENU system, or "?" for help, or "/" for current settings. > -------------------------------- Anyhow, each printers different, but most of the time you'll be able to change a few settings, such as paper size, headers and footers, as well as making the printer add other useless shit to the prints. You'll also be able to update the printers network settings as well as swiping some info on the internal network (which you can always use to aid a break in). > / ===JetDirect Telnet Configuration=== HP JetDirect : J4169A Firmware Version : L.21.22 Manufacturing ID : 21214135902121 Hardware Address : 00:01:E6:55:FA:1C System Up Time : 256:33:09 GENERAL____________________________________ Admin Password : Not Specified System Location : Not Specified System Contact : Not Specified TCP/IP MAIN________________________________ Host Name : NPI55FA1C IP Config Method : DHCP IP Address : xx.xxx.xx.xxx Subnet Mask : 255.255.254.0 (Read-Only) Default Gateway : xx.xxx.xx.x (Read-Only) Config Server : xxx.xxx.xx.xx (Read-Only) TFTP Server : Not Specified (Read-Only) TFTP Filename : Not Specified (Read-Only) Domain Name : Not Specified DNS Server : xx.xxx.xxx.xxx (Read-Only) Pri WINS Server : 127.0.0.1 (Read-Only) Sec WINS Server : Not Specified x-- Snipped useless network setting crap --x SUPPORT____________________________________ Support Name : Not Specified Support Number : Not Specified Support URL : http://www.hp.com/go/jetdirect Tech Support URL : http://www.hp.com/go/support > Ok so thats pretty much all the useless crap you can get from them (other than a few bits of shit that make no difference). So what shall we do? Its possible to change the password, then alter all the network settings, ensuring a bit of a headache for the administrator of the network. But in this instance we'll just be a bit of a ball ache for them, look thru the settings and see if its possible to turn off any form of logging (syslog or something) syslog-config 0 to disable, 1 to enable (UDP port 514) syslog-svr IP address in dotted notation, 0.0.0.0 to disable syslog-max integer (1..1000), 0 to disable syslog-priority integer (0..7), 8 to disable syslog-facility integer (6, 16..23), LPR, LOCAL0..LOCAL7 just some shit like that, turn if off. Now the machine shouldn't log that your printing too it, but even if it does, they ain't gonna do shit! Also if there are setting that print "banners" such as the IP address of the person printing, then turn them off too! Should those methods fail, use nettools to scan for open file and print sharing! Once you've located a box or two... Time for a little bit of childish fun... Add the printer to your machine (as a network one duh!!!) Now lets begin our small printing firm!! Yup, you'll have guessed it, we're going to waste all of the toner and paper in the printer! But not in a childish way! i mean if you want to print off 500 copies of g0 then go ahead, but personally, i think we should turn it into our own properganda leaflet machine! The process is simple, we take a nice contraversial leaflet/flyer/whatever and have the printer go overtime on knocking them out! Could always be cheeky and call up the office in the morning and ask if they got the leaflets printed on time, and if so can you come and collect them But the point to it all is, you have a machine whereby you can churn out all manner of offensive material to be discovered by early morning office monkeys! Added bonus, i've found that a lot of the time you tend to get clusters of printers in IP ranges, most likely just under-paid administrators not giving a shit about whats not behind the firewall, one can use this newly found office printer colony to mass-produce all manner of soon-to-be recycled material, which of course would cost them in toner and paper! Not a very high cost i know, but once there admin has gone around and changed all the ink and toner (which will probably be by mid-morning) simply repeat the process! full-on symiltanious 10-printer "Happy Birthday Osama-bin Ladin" posters, compleat with an invitation to the Twin Towers flying display team celebrations near some local airport!